| 1 | CHANGES - changes for libtpms
|
|---|
| 2 |
|
|---|
| 3 | version 0.9.0:
|
|---|
| 4 | - NOTE: Downgrade to previous versions is not possible. See below.
|
|---|
| 5 | - The size of the context gap has been adjusted to 0xffff from 0xff.
|
|---|
| 6 | As a consequence of this the volatile state's format (STATE_RESET_DATA)
|
|---|
| 7 | has changed and cannot be downgraded.
|
|---|
| 8 | - Applied work-around for Win 2016 & 2019 server related to
|
|---|
| 9 | TPM2_ContextLoad (issue #217)
|
|---|
| 10 | - Check for several more compile-time constants
|
|---|
| 11 | - Enabled Camellia symmetric key encryption algorithm
|
|---|
| 12 | - tpm2: CryptSym: fix AES output IV
|
|---|
| 13 | - tpm2: Added a cache for private exponent D and prime Q
|
|---|
| 14 | - tpm2: bug fixes related to state marshalling
|
|---|
| 15 | - tpm2: Consume padding bytes in TPM2_ContextLoad() (Win2k19, issue #217)
|
|---|
| 16 | - tests: Improvements on the fuzzer
|
|---|
| 17 | - tpm2: Switch to UINT16 for CONTEXT_SLOT and 64k context gap
|
|---|
| 18 | - tpm2: Update to TPM 2 spec rev 164
|
|---|
| 19 | - build-sys: Enable building --without-tpm1
|
|---|
| 20 | - tpm2: Marshal event sequence objects' hash state
|
|---|
| 21 | - tpm2: Fixes for build and runtime when using OpenSSL 3.0
|
|---|
| 22 |
|
|---|
| 23 | version 0.8.0
|
|---|
| 24 | - NOTE: Downgrade to previous versions is not possible. See below.
|
|---|
| 25 | - Update to TPM 2 code release 159
|
|---|
| 26 | - X509 support is enabled
|
|---|
| 27 | - SM2 signing of ceritificates is NOT supported
|
|---|
| 28 | - Authenticated timers are disabled
|
|---|
| 29 | - Due to fixes in the TPM 2 prime number generation code in rev155 it is not
|
|---|
| 30 | possible to downgrade from libtpms version 0.8.0 to some previous version.
|
|---|
| 31 | The seeds are now associated with an age so that older seeds use the old
|
|---|
| 32 | TPM 2 prime number generation code while newer seed use the newer code.
|
|---|
| 33 | - Update to TPM 2 code release 162
|
|---|
| 34 | - ECC encryption / decryption is disabled
|
|---|
| 35 | - Fix support for elliptic curve due to missing unmarshalling code
|
|---|
| 36 | - Runtime filter supported elliptic curves supported by OpenSSL
|
|---|
| 37 | - Fix output buffer parameter and size for RSA decryption that could cause
|
|---|
| 38 | stack corruption under certain circumstances
|
|---|
| 39 | - Set the RSA PSS salt length to the digest length rather than max. possible
|
|---|
| 40 | - Fixes to symmetric decryption related to input size check,
|
|---|
| 41 | defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
|
|---|
| 42 | to always use a temporary malloc'ed buffer for decryption
|
|---|
| 43 | - Fixed the set of PCRs belonging to the TCB group. This affects the
|
|---|
| 44 | pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
|
|---|
| 45 | for test cases to succeed there.
|
|---|
| 46 |
|
|---|
| 47 | version 0.7.0
|
|---|
| 48 | - use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible
|
|---|
| 49 |
|
|---|
| 50 | version 0.6.0
|
|---|
| 51 | - added TPM 2 support (revision 150)
|
|---|
| 52 |
|
|---|
| 53 | - New API calls:
|
|---|
| 54 | - TPMLIB_CancelCommand
|
|---|
| 55 | - TPMLIB_ChooseTPMVersion
|
|---|
| 56 | - TPMLIB_SetDebugFD
|
|---|
| 57 | - TPMLIB_SetDebugLevel
|
|---|
| 58 | - TPMLIB_SetDebugPrefix
|
|---|
| 59 | - TPMLIB_SetBufferSize
|
|---|
| 60 | - TPMLIB_ValidateState
|
|---|
| 61 | - TPMLIB_SetState
|
|---|
| 62 | - TPMLIB_GetState
|
|---|
| 63 |
|
|---|
| 64 | version 0.5.1
|
|---|
| 65 | first public release
|
|---|
| 66 |
|
|---|
| 67 | - release 7 increased NVRAM area for being able to store more data in
|
|---|
| 68 | the TPM's NVRAM areas, i.e., X.509 certificates
|
|---|
| 69 |
|
|---|
| 70 | - release 9 added two more APIs:
|
|---|
| 71 | - TPM_Free
|
|---|
| 72 | - TPMLIB_DecodeBlob
|
|---|
